PSCAN(1)                    General Commands Manual                   PSCAN(1)


NAME

       pscan - Format string security checker for C source code


SYNOPSIS

       pscan [options]


DESCRIPTION

       pscan is a source code analysis tool which is designed to highlight
       potentially dangerous uses of variadic functions such as "printf",
       "syslog", etc.  The scan works by looking for one of a list of
       problem functions, and applying the following rule:

       IF the last parameter of the function is the format string, AND the
       format string is NOT a static string, THEN complain.


LIMITATIONS

       pscan will not report some potential buffer overflows, because that
       is not its goal.  For example, the following code is potentially
       dangerous:

         sprintf(static_buffer, "%s/.foorc", getenv("HOME"));

       This code could cause an issue, as there is no immediately obvious
       bounds checking.  However, it is a safe usage with regard to format
       strings.

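       The rule from DESCRIPTION, and the sprintf case above that it does
       not flag, as an added line-oriented example (not pscan's own
       code): the function table and its format-argument positions are
       assumptions constructed for this illustration.

```python
import re

# Problem functions and the 0-based index of their format-string argument
# (the last fixed parameter before "..."). Constructed table for this example.
PROBLEM_FUNCTIONS = {"printf": 0, "fprintf": 1, "sprintf": 1,
                     "snprintf": 2, "syslog": 1}
CALL_RE = re.compile(r"\b(" + "|".join(PROBLEM_FUNCTIONS) + r")\s*\(")


def nth_argument(text, n):
    """n-th top-level argument of the call text following '(' or None."""
    depth, in_str, cur, seen, i = 0, False, [], 0, 0
    while i < len(text):
        ch = text[i]
        if in_str:
            if ch == "\\" and i + 1 < len(text):  # keep the escaped char
                cur.append(ch)
                i += 1
                ch = text[i]
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            if depth == 0:  # closing paren of the call itself
                break
            depth -= 1
        elif ch == "," and depth == 0:
            if seen == n:
                return "".join(cur).strip()
            seen, cur, i = seen + 1, [], i + 1
            continue
        cur.append(ch)
        i += 1
    return "".join(cur).strip() if seen == n and cur else None


def scan_line(line):
    """pscan's rule on one line of C: report each problem function whose
    format argument is not a static string literal."""
    findings = []
    for m in CALL_RE.finditer(line):
        func = m.group(1)
        fmt = nth_argument(line[m.end():], PROBLEM_FUNCTIONS[func])
        if fmt is not None and not (fmt.startswith('"') and fmt.endswith('"')):
            findings.append(func)
    return findings
```

       Calls split across several lines are not handled by this
       line-oriented check; pscan itself tokenises the whole file.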

RETURN VALUES

       If there are any errors found, pscan exits with status 1.


AUTHOR

       Alan DeKok <aland@ox.org>



                                                                      PSCAN(1)